FSA updated recommendations for the organisation of the IT systems of financial institutions

On 23 January 2017, the Management Board of the Financial Supervision Authority approved an advisory guide which includes updated requirements for the organisation of information technology and information security for companies that are subject to financial supervision.

“The organisation of information technology and information security of companies in the finance sector must ensure appropriate support for business processes. A company’s IT systems must correspond to the usability, integrity and confidentiality demands stemming from their business practice and external requirements”, said Andres Kurgpõld, a member of the Management Board of the Financial Supervision Authority. “In the implementation of this guide, the nature of the business activities, the company’s effect on the finance sector as a whole and the magnitude of risks and effects of their realisation all need to be considered”, added Kurgpõld.

Among other topics, the advisory guide includes recommendations and requirements for a company’s information assets and risk management, physical and environmental security, management of communication and operations, encryption of data, development and acquisition of systems, and management of incidents. In preparing the recommendations and requirements, the recommendations of the internationally recognised standards ISO/IEC 27001 and ISO/IEC 27002 have been used.

The updated requirements for the organisation of information technology and information security of subjects of financial supervision will enter into force on 24 July 2017. At the same time, the previous advisory guides on the organisation of the field of information technology and ensuring information security, issued by the Financial Supervision Authority in 2004 and 2009, will be rendered invalid.

According to the law, the Financial Supervision Authority has the right to issue guides of an advisory nature in order to explain acts pertaining to the legislation of the finance sector, or to provide direction for the subjects of the Financial Supervision Authority.